CPRA compliance


Get ready for the California Privacy Rights Act (CPRA)

Understand how CPRA will impact your business and digital activities, and how Didomi can help solve key challenges.

  Request a demo

What to expect

July 2023: CPRA enforcement begins


California consumers have new rights:

Opt-out of the sharing or selling personal information, including third-party advertising. Opt-in is required for Sensitive Personal Information, including geolocation.


Correct and delete their personal data. Businesses sharing this data are also obliged to notify third parties of any consumer amend/delete requests. 


Know how long a business intends to retain each category of their personal information, and/or the criteria used for determining retention periods.


Opt-out of a business’s use of “automated decision-making technology,” including consumer profiling.


As a business, you have new obligations

Display a privacy notice informing consumers of personal information collection.

Provide users with a way to exercise their rights (i.e., processing Data Subject Requests aka DSAR).

Keep data collected to a minimum, and limit purposes for collection.

Carry out risk assessments and fulfill cybersecurity requirements.

CPRA fines

Financial and reputational risks for a business:

Fines up to $7,500 per intentional violation / per impacted user = potentially millions.


Fines up to $2,500 per unintentional violation.


Reputation and loss of trust (40% of consumers would switch brands after a negative privacy experience*).


CPRA eliminates the 30-day cure period for correcting violations offered under the CCPA, its predecessor.


* source: Google/IPSOS

Learn more about CPRA

CPRA checklist
CPRA checklist
Download the CPRA checklist
Learn more read more link arrow
Privacy requests whitepaper
DSAR whitepaper
Why DSAR management is key for CPRA
Learn more read more link arrow
US webinar series
Latest webinars
Access our latest webinars on CPRA and other privacy topics
Learn more read more link arrow

What is the digital impact of CPRA?



Impact on analytics

If  users opt out of your CPRA privacy notices, you cannot measure analytics performance (sessions/sales) or share data across your MarTech ecosystem.

Important: server-side tracking is not exempt. If users opt-out, you’ll need to calculate performance with data modelling.

  Request a demo


Impact on media performance

As a business, your ability to run remarketing audiences depends on users agreeing to your CPRA privacy notices and staying opted in to processing their personal data.

If users opt out, you cannot track conversions, resulting in lower in-platform performance and fewer data points for AI optimization.

If you are a site publisher, you won't be able to maximize advertising revenue if users opt out.



Impact on user experience

Mapping out the customer journey is much harder if users opt-out of CPRA notice.

Gaining user trust is the key, ensuring their choices are respected and giving them simple and transparent ways to access their data at all times. 

Clear language, reliable technology and attractive interfaces help to avoid bounce (i.e., when users leave a website due to confusing or off-putting privacy notices).

Didomi helps you manage requirements
for CPRA and privacy laws worldwide.





Consent management

Ensure user choices and transparency in all countries and devices.

Create privacy notices that reflect your brand while easily managing your site vendors and purposes. 

Generate proofs of consent in a few clicks, from a single source of truth.

Measure and optimize consent rates with advanced Analytics.

Detect, apply and respect Global Privacy Control (GPC).



Streamlined fulfilment of Privacy Requests

No more manual handling of requests.

Intuitive processes that reassure website users and ease the burden on your own team.

Monitoring of key metrics to optimize your DSAR flow and improve spend per request and turnaround time.


Questions about the impact of CPRA?

Our expert Joshua Revan will be happy to help.